Management service for the AMPT passive network tools monitor
AMPT is a practical framework designed to aid those who operate network IDS sensors and similar passive security monitoring systems. A tailored approach is needed to actively monitor the health and functionality of devices that provide a service based on capturing and inspecting network traffic. AMPT supports these types of systems by allowing operators to validate traffic visibility and event logging on monitored network segments. Examples of systems that can benefit from this type of monitoring are:
ampt-manager is the core component in the AMPT framework. It is simple to deploy and provides the following:
- Web-based management console
- Central point for configuration and management of AMPT nodes, including:
  - Monitored network segments
  - AMPT generator nodes
  - AMPT monitor instances
- State of network visibility from the standpoint of monitored segments
- Logging and accounting of events related to the monitoring process
- Configurable alerting/notifications when monitors for configured segments encounter degraded visibility
Other AMPT components include:
- ampt-generator - Health check packet generator for the AMPT passive network tools monitor
- ampt-monitor - Sensor alert monitor core package for the AMPT passive network tools monitor
See the Wiki for further documentation.